How Long Until it Normalizes

Hi,

I installed Defender a couple months ago and at that time you suggested Jetpack for Brute Force attack. Then last week you suggested that the new addition to Defender would handle the Brute Force attack and that I could drop Jetpack.

I have followed your suggestions and I am wondering how long I should expect it to take for Defender to have sufficient data to effectively handle Brute Force attacks?

Since making the change over (eliminating Jetpack and using Defender exclusively) my sites have been overwhelmed with Brute Force attacks and the admin has been difficult to access. Thus far Defender has blocked 1500+/- IP addresses but it doesn't seem to be improving access to the admin section of the site - if anything the admin is getting slower and more difficult to access.

At this point I am wondering if there is a way to just whitelist access to the login page as I can't continue with my sites being inaccessible.

Any suggestions would be greatly appreciated.

Thanks,

Pat

  • Nastia

    Hello Pat, I hope all is well!

    So sorry to hear that you still experiencing a Brute Force attack.

    I have followed your suggestions and I am wondering how long I should expect it to take for Defender to have sufficient data to effectively handle Brute Force attacks?

    To improve this issue, please decrease the Lockout Threshold time, from Defender > IP Lockout, from 300 sec to 100 sec.

    And increase the Lockout Time from 300 sec to 500 or 600 seconds, which is equal with10 min.

    Would you please grant access from WPMU DEV > Support so I can have a closer look at your settings and suggest if there is something we can do improve the Login Protection?

    At this point I am wondering if there is a way to just whitelist access to the login page as I can't continue with my sites being inaccessible.

    This should discourage attacks to your site.

    This is very good suggestion so I am moving this thread to Features & Feedback section. Hope this feature will be voted by our other members and our developers will consider adding to a features list.

    Thank you!

    Kind regards,
    Nastia

  • wlpdrpat

    Hi Nastia,

    I had already tried making the suggested changes. I also tried the permanently blocking failed logins. In both cases it was still eating up too much server resources due to the volume of requests. In the first 24hrs the plugin was active we had over 12K blocked IPs.

    Today in order to get access to my admin area I had to implement an .htaccess change to whitelist specific IP address ability to access the login page and send all other requests to 403 error page. I found how to do it here: https://premium.wpmudev.org/blog/limit-access-login-page/
    Of course, this is not an ideal solution either as we have already had clients calling to ask why they are being blocked from login. There is a second implementation in that article that is supposed to block bots from attempting to remotely login while allowing real visitors to the site to login as normal. However, that implementation won't work for our situation with multiple domains being mapped to the multisite.

    It would be really cool if your coding team could figure out how to make the second implementation work for the Defender plugin as it would solve most of the brute force attacks without have to block all the IP addresses and still give access to normal users to login.

    Thanks,
    Pat

  • Sajid

    Hello wlpdrpat,
    Hope you are doing good today :slight_smile:

    I can understand that how much bandwidth it consume along with keeping your site inactive for real users.

    I am moving this request to features and feedback forum for consideration by our development team. But please note that, by moving to Features and Feedback forum does not guarantee that it will be added for sure. It depends first if its possible to integrate with current system and also number of members interested in it by counting the +1's. More +1's from members of community, more chances of a feature request to be considered for development.

    Thanks for bringing it to our attention and being a valuable member of the community!

    Best Regards,
    Sajid - WPMU DEV Support